HackTheBox - Awkward

  • Published: 20 Oct 2024

Comments • 33

  • @saketsrv9068 1 year ago +22

    I really like the new way of teaching the real life source code review example during these videos. Thanks a ton legend. Kudos to you.

  • @vivekchoudhary8745 1 year ago +15

    I really like the approach in this video man, going through the possible cases and the "what-if" scenarios. Pretty much showcasing not only how you'd handle rabbit holes and coming back to them as well. cool stuff

  • @nunoa.4609 1 year ago +3

    Love your videos, basically 90% of what I know in this domain comes from your videos. Thanks a million. If there is one thing I would love to see or hear more about is your thought process. I really learn a lot from hearing you explain why you do this or that, or go in one direction or not. More than on how to exploit the vulnerabilities. Would you consider streaming when you do boxes for the first time?

    • @ippsec 1 year ago +10

      There's a few things that make this tough. It's primarily because talking slows me down and makes it harder to think, and that I don't really want to opensource my workflow. Some examples:
      - First take this box for example, I do have a library I made to help automate exfiltration through injection. I don't have any plans to opensource it, so you would never get a raw first look. That being said, I also have alias/scripts setup to make running ffuf/gobuster/feroxbuster quicker. Doing these types of things makes videos not age well as it requires more setup and the scripts change as the programs do, so older videos wouldn't be able to be followed.
      - Like the first thing, when I do recon in videos, I typically set up 5-10 things. I set up scripts of inotify to start up SQLMaps when I drop a .req file in a folder. So I can always keep my recon running.
      - For every 1 recon I show in the video, I typically do 10 through optimizations. It would be very repetitive to show UDP Nmap's on every box, or vhost fuzzing when there are no vhost. Doesn't mean I don't do them, it just means I don't want to add the couple minutes to every video because without them they are already near 2h.
      - Lastly, I change my scripts/setup and such on a near weekly basis, so that level of change would easily make it so you couldn't follow a video as I may have changed things around by the time you watch the video.

  • @Trust4321 1 year ago

    love past/present/future moments!! i appreciate you explaining the thought process of the cmds you're using.

  • @wakasihuruhara515 1 year ago +5

    As usual... Ippsec rock 🤟🏻

  • @julianopl 1 year ago

    Just loved the video... from ippsec knowledge more is always better!!! this ippsec from the future just rocks and must stick with us from now on 🎉🎉

  • @olufemiolusanya9136 1 year ago

    You're just fantastic, Ippsec. You really rock.

  • @PhotoSlash 1 year ago

    Hi ippsec! generic question here: what's the fastest way you usually use to identify the right vulnerability/technique during a pentest? there are a lot of options when pentesting a website, do you just examine each one or have methods to identify the right one faster? (like what if u gotta go thru a big WPSCAN vuln list, u just try everything??)

    • @ippsec 1 year ago +1

      I would set up a lot of recon and then go based upon gut feeling or experience. There's a lot of factors that come into play.
      Function of the website, technologies used, the framework it is coded in, etc.
      A lot of times I just do enough recon until something sticks out to me as behaving suspiciously.

    • @PhotoSlash 1 year ago

      @@ippsec thank you!

  • @damuffinman6895 1 year ago +1

    Hey Ippsec,
    I've been a big fan of your content for a while now and I've learned so much from watching your videos. I've been following your journey through Hackthebox and I'm always amazed at your level of expertise in so many different areas.
    But it got me thinking, is it better to specialize in a certain field or to be a jack of all trades like you seem to be? I'm currently trying to figure out my own path in the security industry and I'm not sure which direction to take. Should I focus on one area and become an expert or should I try to learn as much as I can about everything?
    I would love to hear your thoughts on this. Thanks for all the amazing content you put out!

    • @ippsec 1 year ago

      So this is all my opinion but I think it all depends on where you are at in life.
      Jack of all trades is tougher and probably pays less, but from my perspective, it's the hardest to burn out in. As when you get sick of one thing you have another thing you can focus on. That being said, some burn out on hours alone. I don't think time burns me out as much as repetition.
      If you need to get in the field, often times the interview is just a matter of passion and knowing some things the interviewer does not and can get them talking about things you want to talk about. If you know a little bit about everything, I find this tougher. It's easier to prove value if you know WAF/Cloudflare super well and apply to that position.
      It's been a long way of saying, I have no idea and no way is foolproof. I like jack of all trades, but that's the type of person I am.

    • @damuffinman6895 1 year ago

      @@ippsec Thanks for responding!

  • @markuche1337 1 year ago

    Design rocks 🤟
    Great video as always ❤

  • @ssamassan6574 1 year ago

    Hello, great video as always. Which VSCode extension are you using for autocomplete please?

    • @ippsec 1 year ago +4

      GitHub copilot

  • @thefamousdjx 1 year ago

    Does this ever work in reality? Surely no signature will be in some wordlist somewhere

  • @FrancescoM- 1 year ago +1

    great video, could you just make the system font a little bigger? i mean the font size in the browser / burpsuite

    • @ippsec 1 year ago +1

      I'll do my best, next video is already recorded but from then on I'll have burp a few bigger.

    • @FrancescoM- 1 year ago

      @@ippsec yeah, no problem. thanks for everything. did you change monitor? i wanna think this is happening after the transition from 1080p to 1440p

  • @testtest-jl3rn 1 year ago

    Please keep those deep dives in!

  • @marionascimento450 1 year ago

    10:21 it's a post request, the only GET is the all-leave, so there is no GET for submit-leave. You have to send a post request instead of a GET one. In the last argument you can see the parameters you can include

  • @vishalrai9442 1 year ago +1

  • @sotecluxan4221 1 year ago

    Fantastic!

  • @yuyu-ce4fz 1 year ago

    how to setup vscode

  • @danchoatanasov1611 1 year ago

    Amazing video

  • @firosiam7786 1 year ago +1

    Mm could u do a series where someone could go from zero to hero by hack the box

    • @ippsec 1 year ago +5

      www.hackthebox.com/blog/It-is-Okay-to-Use-Writeups

  • @trix1073 1 year ago

    20:15 maybe it is good to put longer password to be sure that form is not vulnerable to username enumeration by response time because you can better spot the difference in response time (if it exists) between valid and invalid username if password is long

    • @ippsec 1 year ago +1

      Username enumeration is a low finding, and best fixed by having a random sleep or just doing a hash function either way…. This box wasn’t vulnerable because it used an insecure hash. So it’s too bad to be vulnerable 😂
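
The mitigation mentioned in the reply above ("doing a hash function either way"), sketched as an added example that is not part of the original comments or of the box's code. The user store, the sample account and the work factor are constructed for illustration; `kdf_runs` is a hypothetical helper that counts hash invocations so the equal cost of both paths can be checked without timing noise.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor for this example
hash_calls = 0        # instrumentation: counts KDF runs per attempt


def _kdf(password, salt):
    """Slow password hash (PBKDF2-HMAC-SHA256 from the standard library)."""
    global hash_calls
    hash_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    """Return (salt, hash) for storage."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


# Constructed user store; "alice" and her password are sample values.
USERS = {"alice": make_record("correct horse battery staple")}

# Dummy record used when the username is unknown, so that both the
# "user exists" and "user missing" paths cost exactly one KDF run.
DUMMY_SALT, DUMMY_HASH = make_record(os.urandom(16).hex())


def login(username, password):
    record = USERS.get(username)
    salt, expected = record if record else (DUMMY_SALT, DUMMY_HASH)
    candidate = _kdf(password, salt)
    # Constant-time comparison; a match only counts for a real account.
    matches = hmac.compare_digest(candidate, expected)
    return matches and record is not None


def kdf_runs(username, password):
    """Return how many KDF runs a single login attempt costs."""
    before = hash_calls
    login(username, password)
    return hash_calls - before
```
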

  • @tg7943 1 year ago

    Push!

  • @dbanopsec4255 1 year ago

    Do something with binary exploitation, I want to learn to go from a compiled exe to Ghidra to buffer overflow to rce